One Phish, Two Phish, Old Phish, New Phish

Phishing (fish’ing) n. A method of fraudulently obtaining personal information by sending spoofed emails that look like they come from trusted sources.

Pharming (färm’ing) n. A method of redirecting Internet traffic to a fake web site through domain spoofing.

Whether you’re a casual web surfer or immersed in a cyber lifestyle, all Internet users are under assault by phishing emails, pharming sites, and crimeware. Because cyber criminals use botnets—groups of hijacked PCs—to launch untraceable spam-based phishing attacks, the number of phishing and pharming schemes has grown immeasurably. Criminals are using blended or multifaceted attacks—which combine multiple crimeware techniques—to steal identities and hijack systems, often fooling even savvy users.

Phishing Tricks

When they set up a fake web site, phishers attract users through spam or targeted emails, hoping to get lucky and find real customers of the hijacked bank, e-retailer, or credit card company. The emails can be extremely convincing, such as a message from eBay saying that your credit card has been declined, or from Citibank saying that they have detected unauthorized activity on your account. The messages frequently feature logos, coloring schemes, and company mottos (“Avis: We Try Harder”) that seem legitimate.

One example is a spam email that claimed to be from BBC News. It introduced a news story of interest, with a “Read more…” link to lead users to a fake BBC News site. The fraudulent site looked exactly like the real BBC News site’s pages and carried real news stories copied from the BBC site. These fake web pages exploited the unpatched “Create Text Range” vulnerability in order to download and install a keylogger, which monitored users’ activity on various financial web sites and sent the captured information back to the hacker.

Pharming Techniques

Pharming uses DNS (Domain Name Service) hijacking to misdirect users to a fake site by altering the DNS for the target web site. Or, the system redirects users to authentic web sites through phisher-controlled proxies that can be used to monitor and intercept keystrokes.

The spoofed sites collect credit card numbers, account names, passwords, and Social Security numbers. They do this by either displaying a popup to steal the information before sending the user to the real site, by using a self-signed certificate to fake authentication and get the user to trust it enough to enter personal data on the spoofed site, or by painting over the address and status bar of the browser to trick the user into thinking they are on the legitimate site so that they enter their information.

Crimeware—Deceptive Downloads

Phishers use tricks to install crimeware on consumers’ computers to steal information directly. In most cases, you don’t know you are infected, and only see a slight slowdown in computer performance, or notice blips in operation that they attribute to normal software glitches. Computer security software is a necessary tool to prevent crimeware from installing if you get caught in an attack.

In a deceptive download ploy, Trojan keyloggers and other spywarepiggyback onto legitimate software, or the hacker can corrupt a legitimate site using bad scripts so that the software downloads secretly in the background when the user visits a site they trust. Phishers also use social engineering to persuade users to download the software from their site directly by convincing them that the software is something that they want, such as a screensaver or music download program.

Once the crimeware is installed, you are in trouble. It can cause the browser to launch spoofed sites, it can hijack the PC’s host file to redirect the computer to spoofed sites, and it can use keystroke loggers and screen scrapers to record and send stolen data back to the hacker. Crimeware also installs rootkits that execute under the radar and hide the presence of the spyware, or can turn the PC into a remote-controlled bot ready to launch a massive spam campaign or Denial of Service (DoS) attack.
Phishing Trends

By all accounts, phishing attacks are on a steep rise. Tens of thousands of unique phishing cases surface each year, and these numbers are growing exponentially. New phishing sites are also seeing a similar growth trend, as well as password-stealing malicious code URLs. The United States hosts the most phishing sites, followed by China and the Republic of Korea.

Phishers are narrowing their focus and targeting attacks against large financial and e-commerce firms; for example, out of every hundred brands that are hijacked, approximately five account for 80 percent of all phishing campaigns. Also, as eBay and large financial institutions take more proactive measures to combat phishing, criminals are moving downstream to credit unions and other companies that might not be as technologically savvy. As people become smarter about phishing, attacks will be less like spam and, instead, take more advantage of targeted weaknesses.